Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

对异常条件检查或处理不恰当

Bosch 多款产品安全漏洞

Bosch Access Professional Edition等都是德国博世（Bosch）公司的产品。Bosch Access Professional Edition是一套企业访问控制和安防管理解决方案。BOSCH VRM等都是德国博世（BOSCH）公司的产品。BOSCH VRM是一个应用软件。Bosch BVMS是一个应用系统。Bosch Access Easy Controller（Bosch Aec）是一种直观、用户友好的基于 Web 的访问控制系统。Bosch Divar Ip是一种多合一录

N/A

N/A